Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2019-14899

Channel Accessible by Non-Endpoint

Published: Dec 11, 2019 | Modified: Mar 01, 2023
CVSS 3.x
7.4
HIGH
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.9 MEDIUM
AV:A/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7.4 IMPORTANT
CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-14899
CWEhttps://cwe.mitre.org/data/definitions/300.html

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Weakness

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

Affected Software

Name Vendor Start Version End Version
Freebsd Freebsd - (including) - (including)
Linux_kernel Linux - (including) - (including)
Openbsd Openbsd - (including) - (including)
Linux Ubuntu bionic *
Linux Ubuntu disco *
Linux Ubuntu eoan *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu groovy *
Linux Ubuntu hirsute *
Linux Ubuntu impish *
Linux Ubuntu kinetic *
Linux Ubuntu lunar *
Linux Ubuntu mantic *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu xenial *
Linux-allwinner Ubuntu kinetic *
Linux-allwinner Ubuntu lunar *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu jammy *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu eoan *
Linux-aws Ubuntu esm-infra-legacy/trusty *
Linux-aws Ubuntu groovy *
Linux-aws Ubuntu hirsute *
Linux-aws Ubuntu impish *
Linux-aws Ubuntu kinetic *
Linux-aws Ubuntu lunar *
Linux-aws Ubuntu mantic *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.0 Ubuntu esm-infra/bionic *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu focal *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu focal *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.19 Ubuntu jammy *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.3 Ubuntu esm-infra/bionic *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu bionic *
Linux-aws-5.8 Ubuntu focal *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu jammy *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-6.5 Ubuntu jammy *
Linux-aws-6.5 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/bionic *
Linux-aws-fips Ubuntu fips/bionic *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu disco *
Linux-azure Ubuntu eoan *
Linux-azure Ubuntu esm-infra-legacy/trusty *
Linux-azure Ubuntu esm-infra/bionic *
Linux-azure Ubuntu groovy *
Linux-azure Ubuntu hirsute *
Linux-azure Ubuntu impish *
Linux-azure Ubuntu kinetic *
Linux-azure Ubuntu lunar *
Linux-azure Ubuntu mantic *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu bionic *
Linux-azure-5.11 Ubuntu focal *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu focal *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.19 Ubuntu jammy *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.3 Ubuntu bionic *
Linux-azure-5.3 Ubuntu esm-infra/bionic *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu bionic *
Linux-azure-5.8 Ubuntu focal *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu jammy *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-6.5 Ubuntu jammy *
Linux-azure-6.5 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu esm-infra/bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde-5.19 Ubuntu jammy *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu jammy *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/bionic *
Linux-azure-fips Ubuntu fips/bionic *
Linux-dell300x Ubuntu bionic *
Linux-dell300x Ubuntu upstream *
Linux-fips Ubuntu fips-updates/bionic *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/bionic *
Linux-fips Ubuntu fips/xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu eoan *
Linux-gcp Ubuntu esm-infra/bionic *
Linux-gcp Ubuntu groovy *
Linux-gcp Ubuntu hirsute *
Linux-gcp Ubuntu impish *
Linux-gcp Ubuntu kinetic *
Linux-gcp Ubuntu lunar *
Linux-gcp Ubuntu mantic *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu bionic *
Linux-gcp-5.11 Ubuntu focal *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu focal *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu jammy *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.3 Ubuntu esm-infra/bionic *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu bionic *
Linux-gcp-5.8 Ubuntu focal *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu jammy *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-6.5 Ubuntu jammy *
Linux-gcp-6.5 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-fips Ubuntu fips-updates/bionic *
Linux-gcp-fips Ubuntu fips/bionic *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu focal *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu bionic *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu bionic *
Linux-gke-5.4 Ubuntu esm-infra/bionic *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu focal *
Linux-gkeop-5.4 Ubuntu bionic *
Linux-gkeop-5.4 Ubuntu esm-infra/bionic *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/bionic *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu focal *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu focal *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu jammy *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu bionic *
Linux-hwe-5.8 Ubuntu focal *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu jammy *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu kinetic *
Linux-ibm Ubuntu lunar *
Linux-ibm Ubuntu mantic *
Linux-ibm-5.4 Ubuntu bionic *
Linux-ibm-5.4 Ubuntu esm-infra/bionic *
Linux-intel-5.13 Ubuntu focal *
Linux-intel-5.13 Ubuntu upstream *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu disco *
Linux-kvm Ubuntu eoan *
Linux-kvm Ubuntu groovy *
Linux-kvm Ubuntu hirsute *
Linux-kvm Ubuntu impish *
Linux-kvm Ubuntu kinetic *
Linux-kvm Ubuntu lunar *
Linux-kvm Ubuntu xenial *
Linux-laptop Ubuntu mantic *
Linux-lowlatency Ubuntu kinetic *
Linux-lowlatency Ubuntu lunar *
Linux-lowlatency Ubuntu mantic *
Linux-lowlatency-hwe-5.19 Ubuntu jammy *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu jammy *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-xenial Ubuntu esm-infra-legacy/trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-nvidia-6.2 Ubuntu jammy *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu eoan *
Linux-oem Ubuntu esm-infra/bionic *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu focal *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.14 Ubuntu focal *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu jammy *
Linux-oem-5.17 Ubuntu kinetic *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu focal *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu jammy *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu jammy *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-6.5 Ubuntu jammy *
Linux-oem-6.5 Ubuntu upstream *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu disco *
Linux-oem-osp1 Ubuntu eoan *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu eoan *
Linux-oracle Ubuntu groovy *
Linux-oracle Ubuntu hirsute *
Linux-oracle Ubuntu impish *
Linux-oracle Ubuntu kinetic *
Linux-oracle Ubuntu lunar *
Linux-oracle Ubuntu mantic *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.0 Ubuntu esm-infra/bionic *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu focal *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu focal *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.3 Ubuntu esm-infra/bionic *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu bionic *
Linux-oracle-5.8 Ubuntu focal *
Linux-oracle-5.8 Ubuntu upstream *
Linux-oracle-6.5 Ubuntu jammy *
Linux-oracle-6.5 Ubuntu upstream *
Linux-raspi Ubuntu groovy *
Linux-raspi Ubuntu hirsute *
Linux-raspi Ubuntu impish *
Linux-raspi Ubuntu kinetic *
Linux-raspi Ubuntu lunar *
Linux-raspi Ubuntu mantic *
Linux-raspi-5.4 Ubuntu bionic *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu eoan *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu groovy *
Linux-riscv Ubuntu hirsute *
Linux-riscv Ubuntu impish *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu kinetic *
Linux-riscv Ubuntu lunar *
Linux-riscv Ubuntu mantic *
Linux-riscv-5.11 Ubuntu focal *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu jammy *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu focal *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu jammy *
Linux-riscv-6.5 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-starfive Ubuntu kinetic *
Linux-starfive Ubuntu lunar *
Linux-starfive Ubuntu mantic *
Linux-starfive-5.19 Ubuntu jammy *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu jammy *
Linux-starfive-6.2 Ubuntu upstream *
Linux-starfive-6.5 Ubuntu jammy *
Linux-starfive-6.5 Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use